Management and Network Services (MNS), LLC based in Dublin, OH provides post-acute healthcare companies with administrative support services. The email accounts of some MNS employees were found to have been compromised.

MNS explained in a May 4, 2020 breach notification letter that it found out on or about August 21, 2019 that a number of employee email accounts were accessed by unauthorized persons from April to July of 2019. The review of the email accounts lately showed that five accounts held the protected health information (PHI) of patients of MNS’
clients.

The data in email messages and attachments differed from person to person and might have included these data elements: name, health treatment data, diagnosis data/codes, medication data, dates of service, insurance company, medical insurance number, birth date, and Social Security number. The State ID card number, driver’s license number, and/or financial account data of some people were also exposed.

MNS has done what is necessary to enhance email security including improving password policies throughout the entire organization and having multi-factor authentication in all email accounts of employees.

The HHS’ Office for Civil Rights breach portal indicates that some PHI of 30,132 patients were exposed.

Email Security Breach at Santa Rosa & Rohnert Park Oral Surgery

Santa Rosa & Rohnert Park Oral Surgery on Portland, OR learned that an unauthorized person accessed an employee’s email account. The provider became aware of the breach on March 11, 2020 after discovering suspicious activity in the email account. The forensic investigators confirmed the breach of the email account on December 20, 2019 and that it was accessible until March 11, 2020 upon the security of the account. The compromised email account contained a variety of PHI which the attacker might have viewed or acquired.